[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2008-5378: possible symlink attacks

On Mon, 29 Dec 2008, Thomas Viehmann wrote:

  Never use mktemp().

Args - I've read this and intended to use in both cases mkstemp - but then
just forgot this.  I think just for reading files mktemp is fine.  The
rationale is that I do not really want to rewrite the reading routine
which opens the file to read.  The mkstemp function also opens the file
and returns a handle - which is just very different from the current code.
I commited a hopefully better patch (where mkstemp is used for writing
a file).

(This is what I meant with my comment to think about securely created
filenames instead of files, you need to use mk*s*temp which has
different semantics).

At least I had the good idea to ask vor cross checking ...

The killing part is also still somewhat wrong, IMO you want something
along the lines of
x=$(stat -c '%u %f' x) ; [ "${x%???}" == "$UID 8" ] || echo fail
to test whether it's a regular file that you own (though there is bound
to be a prettier way to verify that, even if [ -f ... ] is not part of it).

Do you think that this is definitely needed to avoid any security
problem in this specific case?

Kind regards



Reply to: